Presentation LoRaWAN vulnerability analysis: (in)validation of possible vulnerabilities in the LoRaWAN protocol specification

Pieter Koopman

The Things Network User

Posted on 28-02-2018

On Friday March 2, OU-student Eef van Es will present his MSc CS thesis research entitled 'LoRaWAN vulnerability analysis: (in)validation of possible vulnerabilities in the LoRaWAN protocol specification'.

Time: 9:00 - 10:00 h
Location: Radboud University Mercator I, room 002

LoRaWAN is a recent network protocol designed by the LoRa Alliance. This protocol is intended for wireless, battery-operated nodes in a regional, national, or global network, and is mainly used for Internet-of-Things. The following research question is answered in this study: “Can evidence be found that (in)validates vulnerabilities in the LoRaWAN protocol specification?“ Two major research activities have been performed: 1) analysis of selected attacks applicable to the LoRaWAN specification, and 2) modeling and validation of possible findings. During the first research activity, selected attacks have been analyzed against the LoRaWAN v1.0.2 and v1.1 specifications. Resulting findings are used in a second research activity in which Coloured Petri Net models have been constructed for each finding, and simulation has been used for a more formal validation of the constructed models. This study resulted in three vulnerabilities, attacks on: 1) network beaconing frames to manipulate downlink reception windows, 2) end-device uplink network frames to manipulate the network server downlink routing table, and 3) Join-Accept messages during an Over-the-Air-Activation. All vulnerabilities have been found independently of others. However, during this study (limited) details have been published by others already.